Bug 730294 - Use GnuTLS crypto API instead of gcrypt
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: general
Version: 0.9.8
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: NetworkManager maintainer(s)
Reported: 2014-05-17 06:40 UTC by Michael Biebl
Modified: 2015-04-01 11:31 UTC

Description Michael Biebl 2014-05-17 06:40:16 UTC
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745955

The latest versions of gnutls no longer use gcrypt as crypto backend but nettle. 
Thus building network-manager against gnutls 3 means it will require two crypto libraries.
This could be avoided by using the crypto API provided by GnuTLS.

See the referenced bug report for more details.
Comment 1 Thomas Haller 2014-05-19 14:04:17 UTC
Note that when you build NM --with-crypto=gnutls, NM itself has a build- and runtime dependency on libgcrypt.

> network-manager uses both gnutls and gcrypt. However it does not
> build-depend on libgcrypt11-dev or libgcrypt20-dev but instead relies
> on libgnutls-dev depending on libgcrypt11-dev.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745955#15

This would be a bug in the Debian package; NM must itself depend on libgcrypt.
But AFAIS, that is already fixed in Debian/testing(!?)

Anyway, I agree, it seems like a nice optimization to use gnutls only.

All the uses of libgcrypt are inside:
    libnm-util/crypto_gnutls.c
Comment 2 Michael Biebl 2014-05-19 14:46:20 UTC
Right, the (currently) missing build-dependency on libgcrypt11-dev is a bug in the Debian package. It shouldn't rely on libgnutls-dev to pull in that dependency.

But that is not what this (upstream) bug report is about.
Comment 3 Jiri Klimes 2015-03-30 08:39:50 UTC
Branch jk/gnutls-api-bgo730294 removes gcrypt dependency and uses gnutls crypto API instead.
Comment 4 Thomas Haller 2015-03-30 12:37:28 UTC
(In reply to Jiri Klimes from comment #3)
> Branch jk/gnutls-api-bgo730294 removes gcrypt dependency and uses gnutls
> crypto API instead.

crypto_gnutls.c:84:27: error: implicit conversion from enumeration type 'gnutls_mac_algorithm_t' to different enumeration type 'gnutls_digest_algorithm_t' [-Werror,-Wenum-conversion]
        if (gnutls_hash_get_len (GNUTLS_MAC_MD5) > MD5_HASH_LEN) {
            ~~~~~~~~~~~~~~~~~~~  ^~~~~~~~~~~~~~
crypto_gnutls.c:88:37: error: implicit conversion from enumeration type 'gnutls_mac_algorithm_t' to different enumeration type 'gnutls_digest_algorithm_t' [-Werror,-Wenum-conversion]
                             gnutls_hash_get_len (GNUTLS_MAC_MD5), MD5_HASH_LEN);
                             ~~~~~~~~~~~~~~~~~~~  ^~~~~~~~~~~~~~
crypto_gnutls.c:95:33: error: implicit conversion from enumeration type 'gnutls_mac_algorithm_t' to different enumeration type 'gnutls_digest_algorithm_t' [-Werror,-Wenum-conversion]
                err = gnutls_hash_init (&ctx, GNUTLS_MAC_MD5);
                      ~~~~~~~~~~~~~~~~        ^~~~~~~~~~~~~~
Comment 5 Jiri Klimes 2015-03-30 14:34:48 UTC
Right, GNUTLS_DIG_MD5 should be used instead of GNUTLS_MAC_MD5 (even though the values are the same.)
Fixed and re-pushed the branch.
Comment 6 Dan Williams 2015-03-31 14:59:53 UTC
Looks good to me; testcases pass.
Comment 7 Jiri Klimes 2015-04-01 11:31:25 UTC
Pushed to master:
b6f5f03 crypto: only use gnutls crypto API, remove libgcrypt dependency (bgo #730294)